Malicious code can set DatatypeConverterInterface, which has
VM-wide singleton semantics, before a genuine JAXB implementation sets one.
This allows malicious code to gain access to objects that it may otherwise
not have access to, such as Frame#getFrames() that belongs to
another application running in the same JVM.